Storm Worm Strikes Back at Security Pros 371
alphadogg writes "The Storm worm, which some say is the world's biggest botnet despite waning in recent months, is now fighting back against security researchers that seek to destroy it and has them running scared, conference attendees in NYC heard this week. The worm can figure out which users are trying to probe its command-and-control servers, and it retaliates by launching DDoS attacks against them, shutting down their Internet access for days, says an IBM architect."
In soviet russia... (Score:5, Funny)
Contact the users (Score:3, Funny)
or install GNU/Linux.
Is it... (Score:4, Funny)
The Latest Bond Script (Score:5, Funny)
Cats: Good evening, Mr. Bond, I was just hitting up some 3 am Taco Bell for fourth meal
Bond: *wheezes at the site of his archnemisis* Cats! I should have known it was you! You won't get away with this diabolical scheme!
Cats: Oh won't I, Mr. Bond? I have all of the world's computers trapped to do my bidding. What would you say if I told you I could bring any website to its knees with a DDOS attack? I noticed you have an apache http server running, Mr. Bond. Perhaps sharing pictures with your loved ones!? Well, I hope a billion attempts to access those images won't
Bond: My GOD! You've gone mad with power, Cats. You're a madman! You'll never get away with this. How do you even keep your franken net in check? What happens when it turns on you?
Cats: Oh, I think I will, Mr. Bond, Caribbean law is quite kind when it comes to orchestrating botnets. Prepare to say goodnight. Good luck making your raiding schedule, I hope you won't miss those 50 DKP!
*Bond's screen slows to a crawl as he rushes to turn off Apache*
Bond: Nooooooooooo!
Wait a minute... (Score:5, Funny)
Hello, Congress... (Score:3, Funny)
Running scared? (Score:5, Funny)
This pro ain't afraid, come on Stormbot, bring it. (Score:5, Funny)
Re:Is it... (Score:3, Funny)
Re:Who really knows (Score:1, Funny)
That is so 1999 you need to catch up with the times. The current fiasco is global warming. Al Gore told us so, so it must be true!
Re:Counter-DOS (Score:5, Funny)
Re:Ponders ... (Score:5, Funny)
Re:Contact the users (Score:5, Funny)
Re:Wait a minute... Isn't this the plot of The Mat (Score:5, Funny)
Re:Kung Fu Style? (Score:5, Funny)
No, you cannot establish a tcp or any other connection masquerading as someone else. Care to guess why?
Re:Contact the users (Score:4, Funny)
Re:The Latest Bond Script (Score:2, Funny)
Cats: How are you gentlemen!! All your base are belong to us!!
Re:Contact the users (Score:5, Funny)
Well, it would have to sound professional and reputable. Let me see if I can write a quick draft for you:
Dear Sir,
Based on the recommendation made to me by a reputable official of the abuse sector of a Major South African Internet Service Provider who guaranteed me of your reliability and trustworthiness in business dealings, I wish to entrust important information with you believing that it will be of our mutual benefit; this has to be highly confidential. If I may introduce myself, I am Dr Ben Oguejiofor of the Nigerian Network Operations Centre. I was the former Director of Projects and engineering in the Nigerian Army; I retired recently after Nigeria was pwned by the Storm worm. I wish to crave your indulgence in this business relationship that I will like to establish with you...
Sounds like the beginning of... (Score:4, Funny)
Re:Running scared? (Score:1, Funny)
It smells like attempt to flatter the persons responsible for creating and maintaining that botnet. They could get careless and reveal themselves while bragging about it in teh nets.
intehnets, heh how clever of me.
Re:A very simple solution. (Score:5, Funny)
Bookmark of cradle the desklamp, or coffee door bird the bubble wrap. Airport barcode of lunch train.
Football.
Re:Wait a minute... (Score:1, Funny)
Dammit.. I knew NOD was behind this.
Shatner: KANE! KAAAAAAAAAANE!
Re:Kung Fu Style? (Score:4, Funny)
Re:Who really knows (Score:4, Funny)
Time travel WORKS!
Re:Wait a minute... (Score:3, Funny)
telent console.storm.net ... sheesh.
Re:In soviet russia... (Score:4, Funny)
Oddly, this firewall entry:
Date: 10/25 00:27:30 Name: spp_portscan: portscan status from 66.35.250.150: 13 connections across 1 hosts: TCP(13), UDP(0)
Priority: n/a Type: n/a
IP info: n/a:n/a -> n/a:n/a
References: none found
Led to:
[someone@somebox ~]$ host 66.35.250.150
150.250.35.66.in-addr.arpa is an alias for 150.0/24.250.35.66.in-addr.arpa.
150.0/24.250.35.66.in-addr.arpa domain name pointer slashdot.org.
[someone@somebox ~]$ whois 66.35.250.150
[Querying whois.arin.net]
[whois.arin.net]
Savvis SAVVIS (NET-66-35-192-0-1)
66.35.192.0 - 66.35.255.255
VA Software SAVV-S234813-4 (NET-66-35-250-0-1)
66.35.250.0 - 66.35.250.255
# ARIN WHOIS database, last updated 2007-10-23 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Re:Contact the users (Score:2, Funny)